package com.numberone.master.common.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.AccessControlFilter;
import org.springframework.beans.factory.annotation.Autowired;
import com.numberone.master.common.encryption.RSAUtils;
import com.numberone.master.common.menu.RespCode;
import com.numberone.master.common.utils.BASE64;
import com.numberone.master.common.utils.ResponseDo;
import com.numberone.master.common.utils.SHA256Str;
import com.numberone.master.common.utils.StringUtils;
import com.numberone.master.modules.rsa.entity.RsaKey;
import com.numberone.master.modules.rsa.service.IpsService;
import com.numberone.master.modules.rsa.service.RsaService;
import com.numberone.master.modules.sys.entity.User;
import com.numberone.master.modules.sys.service.SystemService;

/**
 * 接口登录拦截器
 * 
 * @author ck
 * 
 * @date 2018年2月28日下午3:45:03
 */
public class ShiroLoginFilter extends AccessControlFilter {

	@Autowired
	private IpsService ipsService;

	@Autowired
	private SystemService systemService;

	@Autowired
	private RsaService rsaService;

	@Override
	protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse,
			Object mappedValue) throws Exception {
		HttpServletRequest request = (HttpServletRequest) servletRequest;
		HttpServletResponse response = (HttpServletResponse) servletResponse;
		try {
			//String contextPath = request.getContextPath();
			String dispatchPath = request.getServletPath();
			String account = request.getParameter("account");
			String token = request.getParameter("token");// 获取TOKEN
				if (StringUtils.isBlank(account)) {
					ResponseDo.dealWithAjaxReturn(response, RespCode.NOT_USER_NAME_ERROR);
					return false;
				}
				if (StringUtils.isBlank(token)) {
					ResponseDo.dealWithAjaxReturn(response, RespCode.NOT_PARAM_ERROR);
					return false;
				}
				// 验证账号是否存在
				User user = systemService.getUserByLoginName(account);
				if (user == null) {
					ResponseDo.dealWithAjaxReturn(response, RespCode.USER_NOT_EXIST_ERROR);
					return false;
				} else {
					// 查询有没有加密设置
					RsaKey rsaKey = rsaService.selectRsaKey(user.getId());
					if (rsaKey == null) {
						ResponseDo.dealWithAjaxCustomReturn(response, "-1","此账号未设置开发者公私密匙。");
						return false;
					} else {
						String appKey = rsaKey.getAppKey();
						// SHA-256加密
						String sha256Key = SHA256Str.getSHA256Str(account + appKey);
						if (!StringUtils.equals(token, sha256Key)) {
							ResponseDo.dealWithAjaxReturn(response, RespCode.ENCRYPTION_ERROR);
							return false;
						} 
						//else {
							// 需要校验加密数据
/*							if (dispatchPath.indexOf("encode/") != -1) {
								String encodedDataStr = request.getParameter("encoded").replaceAll(" ", "+");// 获取加密数据
								String sign = request.getParameter("sign").replaceAll(" ", "+");// 获取sign参数
								if (StringUtils.isBlank(sign)) {
									ResponseDo.dealWithAjaxReturn(response, RespCode.NOT_PARAM_ERROR);
									return false;
								}
								if (StringUtils.isBlank(encodedDataStr)) {
									ResponseDo.dealWithAjaxReturn(response, RespCode.NOT_PARAM_ERROR);
									return false;
								} else {
									String publicKey = rsaKey.getPublicKey();
									byte[] encodedData = BASE64.decodeBASE64(encodedDataStr);// Base解码
									try {
										boolean status = RSAUtils.verify(encodedData, publicKey, sign);// 验证签名是否正确
										if (status == false) {
											ResponseDo.dealWithAjaxReturn(response, RespCode.ENCRYPT_ERROR);// 签名没有通过
											return false;
										}
									} catch (Exception e) {
										ResponseDo.dealWithAjaxReturn(response, RespCode.UNKNOWN_ERROR);
										return false;
									}
								}
							}*/
						//}
					}
				}
		} catch (Exception e) {
			ResponseDo.dealWithAjaxReturn(response, RespCode.UNKNOWN_ERROR);
			return false;
		}
		return true;
	}

	@Override
	protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
		return false;
	}

}